RELATED RESOURCES

T-Mobile, AT&T Pledge to Stop Location Sharing by End of March

BY Dow Jones &amp; Company, Inc.— 2:52 PM ET 01/11/2019

T-Mobile US Inc. (TMUS) and AT&T Inc. (T) said they would stop feeding individual customers' real-time locations to data
middlemen after a report suggested the sensitive information is easy to pull without users' consent.

Tech website Motherboard reported this week that it paid a bounty hunter $300 to locate a T-Mobile handset by
tapping into a real-time feed that the carrier provided to an aggregator called Zumigo Inc.

T-Mobile Chief Executive John Legere said in a tweet earlier this week that the company is "completely ending
location aggregator work" in March but will need time to "do it the right way to avoid impacting consumers who use these
types of services for things like emergency assistance."

AT&T (T) also said this week it would cut off data aggregators' access to the information by March. The company said it
wound down most location sharing last year while still providing companies with customer information for services such
as roadside assistance.

"In light of recent reports about the misuse of location services, we have decided to eliminate all location
aggregation services -- even those with clear consumer benefits," the company said.

A spokesman for Verizon Communications Inc., which late last year added restrictions on its relationship with
location-data brokers, said the carrier plans to terminate its remaining agreements with four roadside-assistance
companies by the end of March. "We have terminated all other such arrangements," he said.

A Sprint Corp. spokeswoman said the company told Zumigo this week that it was terminating its contract. Sprint "
determined that Zumigo violated the terms of our contract by not sufficiently protecting Sprint customer data in its
relationship with MicroBilt," a credit-reporting company used in the bounty hunter example to pinpoint a phone.

Zumigo CEO Chirag Bakshi said his company cut off MicroBilt's access to all cellphone locations after the
Motherboard article published. "The incident that occurred was an illegal use of the data," Mr. Bakshi said in an
interview. "MicroBilt was supposed to be for lending...for a financial use case which was misused."

MicroBilt couldn't immediately be reached for comment.

Sprint continues to share what it says are non-personally identifiable location data with Pinsight Media, the
mobile data and advertising company it sold to InMobi last year, the spokeswoman said. It continues to share data with
some other third parties.

Cellphone companies made similar promises to protect user data six months ago after reports of lax oversight
prompted Sen. Ron Wyden (D., Ore.) to write the carriers seeking more information about their practices. The companies
at the time said they shared device locations with users' consent by outsourcing the work to aggregators like Zumigo.
Those aggregators shared the information with dozens of other companies that provide services such as freight tracking,
roadside assistance and bank fraud protection.

Wireless companies say they still collect and share groups of customers' location histories for advertising after
stripping away data that could identify individuals. That information is gathered through a separate process from the
real-time pinpointing used when a customer would like to be found by a tow-truck company, for instance.

Carriers can't provide wireless service without knowing their customers' rough whereabouts, which are determined by
measuring the distance to nearby cell towers. Mobile apps often get more precise location information through GPS, Wi-Fi
and Bluetooth signals, though customers can toggle the sharing of some of that information on their smartphones.

Mr. Bakshi said his company will probably continue serving clients like banks by reporting users' locations through
app-based data collection and that users confirm their willingness to share that information by responding to text
message requests. He said most Zumigo clients already seek consent through text messages.

In an interview Friday, Sen. Wyden said the recent reports show the need for a new federal privacy law to head off
"a national security and personal-safety nightmare." He said the carriers have pledged to improve their practices before
and fallen short of their promises.

"I'll believe it when I see it," he said. "I got the promises again yesterday, but I got the promises in 2018. I
don't want to be back in 2020 listening to the same wash, rinse and repeat."

Write to Drew FitzGerald at andrew.fitzgerald@wsj.com and Sarah Krouse at sarah.krouse@wsj.com